The quantum meltdown of encryption

Shlomi Dolev is the Chair Professor and founder of the Computer Science department of Ben-Guiron University of the Negev. He is the author of Self-Stabilization. Shlomi also is a cybersecurity entrepreneur and the co-founder and chief scientist of Secret Double Octopus.

The world stands at the cusp of one of the greatest breakthroughs in information technology. Huge leaps forward in all fields of computer science, from data analysis to machine learning, will result from this breakthrough. But like all of man’s technological achievements, from the combustion engine to nuclear power, harnessing quantum comes with potential dangers as well. Quantum computers have created a slew of unforeseen vulnerabilities in the very infrastructure that keeps the digital sphere safe.

The underlying assumption behind nearly all encryption ciphers used today is that their complexity precludes any attempt by hackers to break them, as it would take years for even our most advanced conventional computers to do so. But quantum computing will change all of that.

Quantum computers promise to bring computational power leaps and bounds ahead of our most advanced machines. Recently, scientists at Google began testing their cutting edge 72 qubit quantum computer. The researchers expect to demonstrate with this machine quantum supremacy, or the ability to perform a calculation impossible with traditional computers.

Chink in the Armor

Today’s standard encryption techniques are based on what’s called Public Key Infrastructure or PKI, a set of protocols brought to the world of information technology in the 1970’s. PKI works by generating a complex cipher through random numbers that only the intended recipient of a given message, the one in possession of the private key, can decode.

As a system of encoding data, PKI was sound and reliable. But in order to implement it as a method to be used in the real world, there was still one question that needed to be answered: how could individuals confirm the identity of a party reaching out and making a request to communicate? This vulnerability left the door open for cybercriminals to impersonate legitimate servers, or worse, insert themselves into a conversation between users and intercept communications between them, in what’s known as a Man-in-the-Middle (MITM) attack.

The industry produced a solution to this authentication problem in the form of digital certificates, electronic documents the contents of which can prove senders are actually who they claim to be. The submission of certificates at the initiation of a session allows the parties to know who it is they are about to communicate with. Today, trusted third party companies called Certificate Authorities, or CAs, create and provide these documents that are relied upon by everyone from private users to the biggest names in tech.

The problem is that certificates themselves rely on public-key cryptographic functions for their reliability, which, in the not too distant future, will be vulnerable to attack by quantum machines. Altered certificates could then be used by cyber criminals to fake their identities, completely undermining certificates as a method of authentication.

Decentralizing the Threat

This isn’t the first time we’ve had to get creative when it comes to encryption.

When Bitcoin creator Satoshi Nakamoto, whose true identity is still unknown, revealed his revolutionary idea in a 2008 white paper, he also introduced the beginnings of a unique peer-to-peer authentication system that today we call blockchain. The brilliantly innovative blockchain system at its core is an open ledger that records transactions between two parties in a permanent way without needing third-party authentication. Blockchain provided the global record-keeping network that has kept Nakamoto’s digital currency safe from fraudsters. Blockchain is based on the concept of decentralization, spreading the authentication process across a large body of users. No single piece of data can be altered without the alteration of all other blocks, which would require the collusion of the majority of the entire network.

For years, blockchain and Bitcoin remained one and the same. About five years ago, innovators in the industry began to realize that blockchain could be used for more than just securing cryptocurrency. Altering the original system designed for Bitcoin could produce programs to be applied in a wide range of industries, from healthcare, to insurance, to political elections. Gradually, new decentralized systems began to emerge such as those of Ripple and Litecoin. In 2015, one of the original contributors to the Bitcoin codebase Vitalik Buterin released his Ethereum project also based on blockchain. What these new platforms added to the picture was the ability to record new types of data in addition to currency exchanges, such as loans and contractual agreements.

Saving PKI

The best solution for protecting encryption from our ever-growing processing power is integrating decentralization into Public Key Infrastructure.

What this means essentially, is that instead of keeping digital certificates in one centralized location, which makes them vulnerable to being hacked and tampered with, they would be spread out in a world-wide ledger, one fundamentally impervious to alteration. A hacker attempting to modify certificates would be unable to pull off such a fraud, as it would mean changing data stored on enumerable diversified blocks spread out across the cyber sphere.

Decentralization has already been proven as a highly effective way of protecting recorded data from tampering. Similarly, using a blockchain-type system to replace the single entity Certificate Authority, can keep our digital certificates much safer. It is in fact one of the only foreseeable solutions to keep the quantum revolution from undermining the foundation of PKI.